ATO BEC

Executive Summary

If you are a US-based Company needing immediate Incident Response Services for your M365 Tenant or Unix Servers please DM 7x24x365.

ATO BEC

In the normal course of business, your Company may be affected by an ATO BEC (Account Take Over | Business Email Compromise) of your Microsoft 365 Tenant and/or Unix Servers. I provide immediate on-site and remote Incident Response Services within the continental US.

Monte Carlo Outcome

The Threat Actors often produce a Monte Carlo outcome. Typical actions are sending Emails to your Vendors and Client Base for Monetization. Expect that during an ATO & BEC the Attackers will likely modify sensitive files and conduct financial operations on behalf of your Company. You should also investigate domain registrations, certificate revocation lists and workload submissions.

ATO BEC Response Plan

  • Retain my Response Attorney [RA]
    • Contact me
    • Create a Global Admin Account (GAA) for RA
    • RA retains me as Agent & Custodian for GAA
    • Analysis begins immediately upon receipt of GAA from RA
  • RA is the Manager for the DFIR Response
    • RA Retains the Engagement Teams
  • RA is Point of Contact for:
    • LEOs
    • AGOs
    • Insurance Carriers
    • Other Interested Parties
  • RA manages the Event Mitigation & Remediation
  • RA manages the Implementation of Best Practice
  • RA manages the Notification of Affected Persons
  • RA manages all Legal & Regulatory Filings

Implementations

MultiFactor Authentication

Implementation of MultiFactor Authentication (MFA) and/or Phishing Resistant MFA will be completed within 24 hours using Conditional Access for your Microsoft 365 Tenant. Best Practice bases user access and authorization on Conditional Access policies, which bring signals together, make decisions, and enforce policy. Hardware Authentication will be implemented within 30 days per user.
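As an added illustration (not code from the original post), the following Microsoft Graph PowerShell snippet creates the kind of Conditional Access policy described above: it requires the built-in phishing-resistant MFA authentication strength for all users on all cloud apps, starts in report-only mode so sign-in logs can be reviewed before enforcement, and excludes a break-glass account (placeholder object ID). It assumes the Microsoft.Graph PowerShell SDK and a Global Admin session.

```powershell
# Added example, not the author's code. Requires the Microsoft.Graph SDK
# (Install-Module Microsoft.Graph) and a Global Admin session.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess","Policy.Read.All"

# Emergency-access (break-glass) account to exclude from the policy.
# Placeholder value: replace with the account's object ID in your tenant.
$breakGlassId = "00000000-0000-0000-0000-000000000000"

# Built-in "Phishing-resistant MFA" authentication strength. Confirm the ID
# in your tenant before use:
#   Get-MgPolicyAuthenticationStrengthPolicy | Select-Object DisplayName, Id
$phishingResistantStrengthId = "00000000-0000-0000-0000-000000000004"

$policy = @{
    displayName = "CA001 - Require phishing-resistant MFA for all users"
    # Report-only first: evaluates every sign-in without blocking anyone.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers = @("All")
            excludeUsers = @($breakGlassId)
        }
        applications = @{
            includeApplications = @("All")
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator = "OR"
        authenticationStrength = @{ id = $phishingResistantStrengthId }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Once the report-only results in the sign-in logs look correct, enforce it:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id `
#     -BodyParameter @{ state = "enabled" }
```

Leaving the policy in report-only for a few days surfaces legacy clients and service accounts that cannot satisfy the strength before they are locked out.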

Written Information Security Policy

The RA will deliver the required Written Information Security Policy (WISP) based on the State(s) in which your Client(s) reside. Sensitive information such as Social Security Numbers, credit and debit card numbers, and bank account information must be kept confidential and secure under law and requires this written information security policy.

Notification Process

The RA will discuss the AGO Notification Process and initiate contact with the necessary legal and regulatory authorities.

Onsite & Remote Services

Onsite & Remote Services begin upon your retention of the Response Attorney, RA. Please contact me for an introduction. The immediate goals are to ingest all Digital Forensics, conduct Incident Response and implement Best Practice while commencing the Notification Process.

We are available 7x24x365.
